Bruce Schneier is a well known American security researcher, who has written
several books about this topic. Data and Goliath is his latest book about it. I
bought it last year, but I only got around to reading it last month (one more
win for the reading goal for the year \:D/). First ob­ser­va­tion: while the book
is thick, with 383 pages, a third of it are notes, so it's not that long
actually.

While I've heard about various privacy issues and about the mass sur­veil­lance
revealed by Edward Snowden, I never really did anything about it. I had an
adblocker installed, but that was just because I was annoyed by ads and they
slowed down browsing the Internet, but nothing else. This book was a coherent
pre­sen­ta­tion of what both cor­po­ra­tions and gov­ern­ments do, what effects it has
on us, and why it's really, really, really, really bad.

I don't want to go talk too much about what the book says about existing
sur­veil­lance and what is going, except to call out the fact that the existing
large scale gov­ern­men­tal tracking is not effective against terrorists. The
haystack is too big and the needles look more like twigs, so it doesn't help at
all. Good old in­ves­ti­ga­tion work is what catches the bad guys. Mass sur­veil­lance
is useful for tracking people who protest (le­git­i­mate­ly) against the government.
Also, corporate sur­veil­lance comes in many subtle forms and is used to build up
big profiles about people, which are then often sold by data brokers, or hacked.
Again, not really worth the benefits in most cases.

So what can the average Joe like me do? There are several things, ranging from
political to technical. First off, lobby, propose, discuss, raise awareness,
vote about this. If enough people know about this and are worried about it,
democracy can do it's thing. Hopefully it's not 1984 already.

On the more technical side, there are some simple solutions. Use HTTPS
Everywhere, which forces your browser to
use encrypted con­nec­tions whenever possible. It's a first, simple step towards
avoiding dragnet sur­veil­lance. If it's encrypted, it can't be read in a
straight­for­ward way. Use either Ghostery, Privacy
Badger(I use this one) or
Disconnect. These extensions do as much as possible to
disable tracking. Most im­por­tant­ly, they disable the automatic loading of social
network share buttons, which would au­to­mat­i­cal­ly report back what pages you
browse, even if you don't click on them.

Now, on to more com­pli­cat­ed ones. You can do ob­fus­ca­tion, which means doing
random stuff do create bogus data on your profile. Things like searching for TV
models, even though you don't want to buy one, clicking on random search
results, adding as friends people you don't know, creating fake profiles,
in­ter­chang­ing store loyalty cards with friends, not giving out your real
in­for­ma­tion when asked for (be careful about who's asking and if you can give
out fake in­for­ma­tion) and so on. And, if you wanna go one step further, use the
Tor browser. It's a pain to use, because many things are blocked there, it's
quite slow, but it's definitely a good option. I won't be using it all the time,
but sometimes I will. If you wanna go extreme, you can even run your own Tor
nodes.